Cybersecurity Apple Fixes Thunderstrike and Other Vulnerabilities in Latest OS X Beta Published 4 years ago on January 27, 2015 By Neil Sardesai A few weeks ago, security researcher Trammell Hudson discovered a vulnerability in Apple’s low-level firmware that could allow a rogue Thunderbolt device to flash its own code to a Mac’s boot ROM. This type of bootkit, dubbed “Thunderstrike” since it relies on Thunderbolt IO as an attack vector, would be very difficult to remove or even detect. Thunderstrike works by injecting an Option ROM into a Mac’s EFI. What that essentially means is that a malicious Thunderbolt device can replace Apple’s firmware with its own rogue version, without leaving any traces. Since this type of firmware isn’t stored on the hard drive, simply reinstalling the OS would not remove Thunderstrike. Furthermore, Thunderstrike replaces Apple’s cryptographic signature, which is used to verify firmware integrity. Fortunately for Mac users, the latest OS X beta includes a fix for Thunderstrike, and a public patch shouldn’t be too far away. UPDATE: OS X 10.10.2 has been released to the public. If you own a Mac, simply go to the Mac App Store to download and install the update. Thunderstrike Patched in OS X 10.10.2 Beta Since Thunderstrike requires physical access to a target machine, the issue is not as serious as it could have been. Furthermore, aside from Thunderstrike, there are no known Mac bootkits in the wild, and Thunderstrike is mainly a proof-of-concept, anyway. That being said, the vulnerability still exists, and Hudson has discussed the patch with Apple. Hudson demonstrated his proof-of-concept at the Chaos Communication Congress in December. According to his research, Apple’s latest Mac Minis and Retina 5K iMacs are already immune to Thunderstrike, and Apple’s engineers have been developing a patch for the rest of the Mac product line. According to a report from Apple news site iMore, “To secure against Thunderstrike, Apple had to change the code to not only prevent the Mac’s boot ROM from being replaced, but also to prevent it from being rolled back to a state where the attack would be possible again. According to people with access to the latest beta of OS X 10.10.2 who are familiar with Thunderstrike and how it works, that’s exactly the deep, layered process that’s been completed.” However, Hudson also told Ars Technica that he hasn’t yet tested Apple’s latest patch. “The version [of the patch] that I tested in Hamburg was still subject to downgrade attacks and I demonstrated it for Apple… Hopefully they have fixed that bit, although the fact that they are leaving Option ROMs enabled at all really worries me.” Other Unrelated Vulnerabilities Fixed in 10.10.2 Google’s Project Zero security research team recently disclosed three OS X vulnerabilities to the public (here, here, and here). Project Zero offers companies a 90-day window to fix vulnerabilities before disclosing them to the public – a policy designed to give companies ample time to address security issues while also incentivising them to provide patches in a timely manner. On their own, these exploits aren’t that critical as they require some sort of access to the target machine, either physical or remote. However, these exploits can potentially be combined with other attacks to escalate privileges and take over the target machine. One of the vulnerabilities was already fixed with the release of OS X Yosemite (10.10), and the other two appear to have been fixed in 10.10.2. While it’s important to be informed of new vulnerabilities, most Mac users shouldn’t have anything to worry about. These exploits require direct access to target machines, and patches are already on the way. Images from Shutterstock. Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink. Rate this post: Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way. (0 votes, average: 0.00 out of 5)You need to be a registered member to rate this. Loading... Neil Sardesai I've always been interested in the latest stuff in science and technology, and I'm currently a freshman undergraduate electrical engineering student at the University of Texas at Austin. Follow @HackedCom Feedback or Requests? Related Topics:AppleEditor's PickThunderbolt IOThunderstrike Up Next US Still Convinced North Korea Attacked Sony Don't Miss IsoHunt Is Sick of Closed-Development; Offers $100,000 for Open-Source Developers You may like Pre-Market: Asia Extends Losses as Apple’s Keynote in Focus Pre-Market: Dollar Rallies on Hawkish Fed, Turkish Lira Hits Record Low Apple Earnings Beat Outweighs Trade War Fears as Fed Looms Nasdaq Leads Stocks Lower as Dollar Retreats Before Central Bank Bonanza Tech Titans Bullish on Bitcoin Pre Market: Dollar Up, Stocks Flat as Trump Now Targets OPEC 1 Comment 1 Comment Frank Garcia January 27, 2015 at 6:02 pm Waiting for the day to come when everyone using Apple pay gets hacked and money stolen. My bet is that it happens before the end of 2015. Log in to Reply You must be logged in to post a comment Login Leave a Reply Cancel replyYou must be logged in to post a comment. Altcoins EOS Price Forecast: EOS/USD Heading for Another 300% Move? Published 1 day ago on October 17, 2018 By Ken Chigbo EOS/USD price action via the 4-hour chart view has formed a bullish flag pattern. The price is moving around levels seen back end of March to early April, before a bull run of over 300%. The past six sessions for EOS/USD have been erratic to say the least. It has been subject to a high amount of volatility, swinging aggressively in both directions. There has been a lack of commitment from either the bear or bull camps of late. As the market continues to trade with such behavior, it appears to be trying to find its feet, ahead of a potential chunky firm trend. EOS DApp Hacked Again An EOS based gambling DApp, EOSBet has been hacked, with $338,000 being reported as stolen. This isn’t the first time; just back in September, hackers managed to get away with a reported 40,000 worth of EOS, which at the time had a value of $200,000. It has been said that they were able to exploit their smart contracts, having found security vulnerabilities. Technical Review – 4-hour Chart View EOS/USD 4-hour chart EOS/USD price action has formed a bullish flag pattern, which began taking shape on 15th October, after the aggressive price behavior stabilized. The bulls at the time ran the price well up into $6 territory. Consequently, it then met the breached ascending trend line, failing to move back above this area. This followed the sharp breakthrough to the downside, which occurred on 11th October. As a result, a drop of over 15% was seen, forcing EOS/USD to retreat in a demand area, within the $5.0000 level proximity. Looking to the upside, small near-term resistance is seen at around $5.6100, which is the upper trend line of the mentioned bull flag pattern. A breakout will likely open the doors to a retest of the broken ascending trend line, tracking around $6.1100. Support can be eyed at $5.4600, which marks the lower trend line of the flag. Furthermore, should this fail to hold, EOS/USD could likely fall back down to the serving demand area, within the lower $5.0000 territory. April 2018 Bull Run EOS/USD April bull run In April of this year EOS/USD entered a chunky bull run, gaining over 300%. From the back end of March until 11th April, the price had been stuck within consolidation mode. Resulting in the price trading within a tight range, at levels of where the price is currently seen today. Something quite astonishing started to unfold. Between the period of 11th April to the 29th April, a bull run of around 290% was seen. Over this time frame EOS/USD went from $5.9500 up to a high of around $23.0811. The price is currently demonstrating a similar behavior to that of what was seen during the mentioned period. It is interesting to note that the price did have historical levels to break through, as it had already run higher during the period of December 2017 and came back down. Finally, this is not to say EOS/USD will observe the same bull run. However, it is an interesting observation to be aware of. Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading. Featured image courtesy of Shutterstock. Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink. Rate this post: Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way. (1 votes, average: 5.00 out of 5)You need to be a registered member to rate this. Loading... Ken Chigbo 4.5 stars on average, based on 32 rated postsKen has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets. Follow @HackedCom Feedback or Requests? Continue Reading Altcoins “Mass Adoption is the Direction Things Are Taking” – Lionel Wolberger, CTO and Co-Founder of Platin Published 2 days ago on October 16, 2018 By Daniel Mitchell Platin is a new blockchain token-based ecosystem which powers an infrastructure platform that incorporates a proprietary programming language (‘SolidityGEO’), all in the name of accomplishing a so-called decentralized ‘Proof of Location’ protocol. We reached out to the team to find out more about how their solution works, the current state and future vision. The result of this outreach was a warm reception from the company’s Chief Technical Officer (CTO) and Co-Founder Lionel Wolberger, with whom we discussed such topics as well as Platin’s: objectives, company ethos, and views on the current state of the crypto space. Who is Behind Platin? Lionel Wolberger’s experience with cryptocurrency and blockchain spans as far back as 2011, where he “spoke about it at Cisco Secure Video where our team of cryptographers included the inventor of Public Key Cryptography himself, Prof. Adi Shamir.”. It wasn’t until two years later before Wolberger got the opportunity to professionally re-engage with crypto technology, when he participated in an experiment on behalf of the Internet Identity Workshop “and decided to study it more closely and see what it was all about.” In 2017, Lionel Wolberger created Platin alongside co-founder Allon Mason when they “identified the potential for a secure and lightweight Proof of Location protocol on the blockchain.”. Wolberger met mason during academia at Cornell University, having “always admired his drive and passion for the projects he has developed over the years, particularly XPLace an online marketplace with hundreds of thousands of users and multi-million dollar annual turnover.” Wolberger also highlights the fact that the team is working alongside secure-location advisor Professor Srdjan Capkun (Director of the Zurich Information Security and Privacy Center, ZISC), which he calls a “privilege”. “Dr. Capkun is an ideal advisor, as he sits on the major standards committees, and has an inside track to secure GPS and other important technologies associated with secure proof of location.” What is Platin? Whilst participating in the “’colored coin’ experiment’” for the Internet Identity Workshop, Wolberger had a fundamental epiphone with regards to his perception of blockchain and the purpose of cryptocurrency: “it’s not about currency, but an asset tracking system of decentralized trust that could also provide the basis for so much more than just currencies.” As such, Platin’s purpose is to provide a utility-token based platform which they (on their website) describe as a system for the “Geo-location of digital assets (cryptocurrencies, documents, images, etc.), anywhere on the map, anywhere in the world, in real time.”. There are a wide range of uses for geo-locational software, from marketing to emergency broadcasting regarding critical events such as national disasters. Official use-cases include: Lionel Wolberger lists, among the key values of Platin its hardware agnosticism as well as its interoperable nature. “Interoperable refers to Platin’s protocol, that it is cleanly defined and independent, enabling it to work with many other products or systems, at present or in the future, in many possible implementations with few restrictions. This is achieved by having a clean interface (API, SDK) and is essential as Platin is needs to inter-operate with Android, Apple, many backend systems and blockchain assets. “Hardware agnostic refers to one aspect of Platin’s Proof of Location protocol, its ability to work with any — all, i possible — geospatially relevant signal sources. This will certainly include GPS, cll towers and wifi, but will extend to BLE, LoRA, Ultrasound, indeed any signal that has relevance for a Proof of Location. This is achieved by having a clear definition of Proof of Location and how a device’s location relates to all this other data.” Furthermore, the team is planning to implement cross-chain compatibility in the future, including Ethereum / EOS. A Security Focus Security is also a key concern and this is echoed in our interview as well as across the website for Platin. The company even mentions KYC / AML with its list of use-cases for the platform. One way which the company seeks to achieve this is through the use of hardware cold-storage systems for the safe-keeping of all tokens, with their first wallet integration being TrustWallet. They also, according to Wolberger, are anticipating a future partnership with Ledger. Lionel Wolberger claims that “Platin has security and privacy baked-in from the start. Some features that reflect this approach include. Platin’s architecture starts with individuals storing their own data, with blinded commitments shared to the network. Platin’s functionality is “opt-in” based, reflecting a deep respect for our users as sovereign digital actors. You opt-in for the sharing of data, whatever you are comfortable with. The default is no sharing. One of our Platin’s hires was a full-time cryptographer, and we are open sourcing our first zero knowledge cryptographic achievement: a ZK Range proof of bounded location. This shows our cryptographic and security passion. Platin’s default pattern is “send the algorithm to the user,” rather than, “have the user send their data to the network.” Our Artificial Intelligence is privacy-preserving in this way. Platin’s three pillars of security are orthogonal, working together to create a secure proof of location that would not be possible with any one of those pillars” Geolocation and Geofencing With use cases including retail shopping and other location-based rewards initiatives, Platin incorporates (and is responsible for the effective utilization of) specific technical and methodological processes pertaining to their geo-locational solution / protocol. This scenario is made fully possible using a technology called ‘geo-fencing’ which is essentially, according to Wolberger, “An ability to restrict and define usage within the boundaries of their regulatory and legal jurisdiction.” “imagine that a national supermarket chain airdrops coupon for 10% off certain items to celebrate the launch of their new store However, they do not want these coupons to be redeemable at other locations as they want to drive traffic to this new store. “With a special smart contract, the coupon will only work within the geo-fenced area around the new store.” Attempts at geo-location are most effective with both the consent and honest participation of both direct and third-party sourced users. Considering tech scandals surrounding personal and public data privacy & security, it has become increasingly difficult to encourage people to confide their personal data sincerely. This is where rewards-based systems such as Platin come in. Humanitarian Aid (A Use Case) Another key use case cited, which Wolberger doubles down on in our discussion is that of charitable coin drops… “We think it is incredibly important to focus on use cases such as humanitarian aid airdrops. “While our technology has broad commercial uses, our team is passionate about seeing the project bring new ways to enable ordinary people use cryptocurrency, and an ideal win/win use case is the ability to transfer crypto to people who need assistance. “Blockchain and cryptocurrency can often seem intimidating to people, but mass adoption is the direction things are taking. Platin wants to ensure that everyone can access and utilize this technology to utilize decentralized funds in a beneficial and potentially life-saving way.” These partnerships include IsraAID (with whom theys already signed an agreement) in addition to the Swiss Red Cross (with whom they are currently in discussions), where Platin plans to further develop and test their systems and processes with regards to how they will integrate geo-location focused / geo-fenced cryptocurrency airdrops. Another, tangentially related use-case is: “the Tokyo Olympics airdrops… we are currently discussing the opportunity with our Tokyo-based partners. “The Olympics has traditionally seen technological innovation, such as instant replay, virtual video graphics and most recently 5G deployments. This is the year of blockchain, and we look forward to announcing details once we are permitted.” Final Words All these features, aims and objectives are tied together by the fact that they are all built upon not only a proprietary – but also a home-grown programming language which third parties can leverage for their own projects when working on the Platin blockchain. “SolidityGEO extends Ethereum’s Solidity language, GEOS extends EOS’s C++ language. These will equip our partners for fast onboarding into location proofs on the blockchain.” SolidityGEO is what Platin calls a “location-aware language” created to help the utilisation and implementation of geographic demarcation for token distribution, rewards and airdrops. It will additionally include ZK-Snarks and Starks zero-knowledge proof mechanisms as well as general operating standards such as ISO and W3C. Finally, with regards to the future: “Proximity radio technology is being deployed steadily, without any loud publicity. 5G, RTT-enabled Wi-Fi, and IEEE secure proximity radio standards promise highly accurate distance readings via radio. The average person feels this progress in the slow spread of keyless entry–just having a key, fob or smartphone in your pocket to unlock a desired resource such as your car or home. Platin has partners in this space and there are sure to be exciting announcements in the next six months (though they will be quite technical, they will promise rapid progress).” Featured image courtesy of Shutterstock. Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink. Rate this post: Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way. (2 votes, average: 5.00 out of 5)You need to be a registered member to rate this. Loading... Daniel Mitchell 4.5 stars on average, based on 12 rated posts Follow @HackedCom Feedback or Requests? Continue Reading Altcoins Monero Price Analysis: XMR/USD Slips Below Crucial Daily Support Ahead of System Update Published 1 week ago on October 10, 2018 By Ken Chigbo Monero’s navitve token XMR is forced to breach a key area of support by the market bears. XMR/USD was being support by an ascending trend line, running from 14th August. The Monero foundation is scheduled for a routine network upgrade. Monero Network Update The Monero foundation is scheduled to update its network on 18th October, as a result this will be bringing a new hard fork to its token. They have been making it a routine process now, hard forking every six months. Their focus being on the likes of increased ring-size for more privacy, with large transactions and tweaking their proof of work algorithm. In terms of this upgrade, the goal is to enhance efficiency and make some adjustments to the current proof of work algorithm. Ultimately, to make it resistant and curb the threat of ASIC mining. Developers at Monero will be implementing the new Bulletproofs protocol. This will see greater privacy, lower fees and faster verification. It will reduce transaction size by an estimated 80%. Technical Review – Daily Chart XMR/USD daily chart XMR/USD slipped out to the downside from an ascending trend line. As a result, the market bears managed to push for a breach and daily close below on 7th October. The support had been running since 14th August, where the price hit a low of $76.739. A retest has been seen and pressure is now gradually mounting on Monero’s XMR. In terms of support, the 50DMA has provided some initial comfort for now. Furthermore, the next major downside support is observed in a chunky demand area. This is seen tracking from $86 down to $76. Resistance will now be eyed at $116.550 area, underneath the breached ascending trend line. In proximity to the 100DMA, which may cause some difficulty for the bulls. Elsewhere, further to the north, resistance can be seen within the $125.000 territory. Finally, heavy supply is tracking from $140 up to $150. Technical Review – 4-hour Chart XMR/USD 4-hour chart Despite the above-mentioned daily breakout from the supporting trend line, there is still some hope for XMR/USD in the near-term, because from looking at the 4-hour chart view, the price has been moving within a range-bound block. This narrowing area has been running since 26th September. Fortunately for the price, a fresh wave of selling pressure has been prevented for now. The lower part of the mentioned range has proven to see some near-term support. Therefore, the protection has been observed from around $112 to the high $111 territory. Although, a breach of this area could see a fast fall back down to sub $100, last traded below here on 12th September. While further downside pressure could force a retreat back down to a firm demand zone. Eyes would be on $86-77 range for buying. Disclaimer: The author owns bitcoin, Ethereum and other cryptocurrencies. He holds investment positions in the coins, but does not engage in short-term or day-trading. Featured image courtesy of Shutterstock. Important: Never invest (trade with) money you can't afford to comfortably lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here. Trade recommendations and analysis are written by our analysts which might have different opinions. Read my 6 Golden Steps to Financial Freedom here. Best regards, Jonas Borchgrevink. Rate this post: Important for improving the service. Please add a comment in the comment field below explaining what you rated and why you gave it that rate. Failed Trade Recommendations should not be rated as that is considered a failure either way. (2 votes, average: 3.50 out of 5)You need to be a registered member to rate this. Loading... Ken Chigbo 4.5 stars on average, based on 32 rated postsKen has over 8 years exposure to the financial markets. During a large part of his career, he worked as an analyst, covering a variety of asset classes; forex, fixed income, commodities, equities and cryptocurrencies. Ken has gone on to become a regular contributor across several large news and analysis outlets. Follow @HackedCom Feedback or Requests? Continue Reading Recent CommentsChris G on Crypto Update: Altcoin Market Cap on the Verge of Trend Reversaldavidstewartkim on “The Core of Any Blockchain Project is Decentralization” – Jack Zhang, Lightning BitcoinDaniel Won on ICO Analysis: Dusk NetworkSholaO on ICO Analysis: Dusk NetworkDaniel Won on ICO Analysis: Dusk Network Tron (TRX) Progressing Faster Than Anyone Predicte... Breakout Imminent Ripple Price Analysis: XRP/USD Subject to Pullback... Trade Recommendation: Stellar Trade Recommendation: Ripple Crypto Update: Coins Edge Lower in Quiet Trading Hawkish Fed Lifts Yields, Dollar as Stock-Correcti... Recent Posts Selloff Resumes as Italian Budget Crisis Deepens October 19, 2018 A Tale of Two Pumps: PIVX and INS Ecosystem in Coordinated 25% Spikes on Bithumb Listing October 19, 2018 Market Update: U.S. Stocks Take the Plunge as China Selloff Intensifies; Crypto Institutional Lending on the Rise October 18, 2018 ICO Analysis: NODVIX October 18, 2018 Gemini Dollar Approaches Parity with USD After Rocketing Higher Earlier in Week October 18, 2018 Pre-Market Analysis And Chartbook: Stocks Turn Lower as Treasury Yields Eye Multi-Year Highs Again October 18, 2018 Monero Price Analysis: XMR/USD is Stable and Gunning for Potential Gains on “Bulletproofs” Technology Update Day October 18, 2018 NEO Price Leapfrogs Market as Technical Article Competition Underway October 18, 2018 Tron (TRX) Progressing Faster Than Anyone Predicted – Including Justin Sun October 18, 2018 Trade Recommendation: Stellar October 18, 2018 A part of CCN Hacked.com is Neutral and Unbiased Hacked.com and its team members have pledged to reject any form of advertisement or sponsorships from 3rd parties. We will always be neutral and we strive towards a fully unbiased view on all topics. Whenever an author has a conflicting interest, that should be clearly stated in the post itself with a disclaimer. If you suspect that one of our team members are biased, please notify me immediately at jonas.borchgrevink(at)hacked.com. Trending Cryptocurrencies1 week ago Monero vs. ZCash: Privacy Coins Compared Analysis6 days ago Bitcoin Update: 2018 and 2014 Bear Market Comparison Altcoins5 days ago Electroneum’s Benchmark Month Sends ETN Coin Price Up 333% Altcoins1 week ago Bribery on Binance? DigiByte’s Jared Tate Blasts CZ Over DGB Listing Demands Altcoins6 days ago Digitex Futures (DGTX) Cements Top 100 Position with 194% Two-Week Growth Analysis1 week ago Crypto Update: Trade Setups for Bitcoin Cash and 0x Altcoins1 week ago Ripple Price Analysis: XRP/USD at Risk of September Bull Run Being Completely Deflated Bitcoin1 week ago Could Bitcoin Challenge Ethereum?